← Back to Home

Privacy Policy — AI SaaS Platforms & Robotics

Effective Date: August 26, 2025

Contact: support@tungstentechnologies.io

1. Scope and Who We Are

This Privacy Policy explains how Tungsten Technologies ("Tungsten", "we", "our", "us") collects, uses, shares and safeguards personal data in connection with our AI-based software-as-a-service (SaaS) platforms, connected robotics products, websites, apps, and customer support (collectively, the "Services").

2. Key Definitions

• Personal Data: information that relates to an identified or identifiable individual.
• Customer Content: data, files, and instructions you or your users submit to the Services, including data generated by or from your robots when connected.
• Controller / Processor: roles as defined under GDPR and similar laws; typically, Tungsten is a processor for Customer Content and a controller for account, billing, marketing and support data.

3. Information We Collect

Account & Identity Data:

name, email, phone, company, role, billing address, tax IDs.

Authentication & Security Data:

passwords, tokens, MFA secrets (hashed or encrypted where applicable).

Transactional & Billing Data:

plan selections, invoices, payment status (payments processed by PCI-compliant providers; we do not store full card numbers).

Usage & Device Data:

IP address, device identifiers, app version, logs, crash reports, performance metrics, cookies/SDKs (see Cookie Notice).

AI Interaction Data:

prompts, chats, tool calls, feedback, model settings, output ratings.

Robotics & Telemetry Data:

sensor readings, error codes, motor currents, pose/location estimates, firmware versions, maintenance events, and safety events; payload content is configured by you.

Support & Communications:

tickets, emails, chat transcripts, call recordings where permitted by law.

4. How We Use Personal Data

• Provide, maintain, secure and improve the Services; personalize experiences.
• Provision connectivity, over-the-air firmware updates, diagnostics and safety features for robotics.
• Process payments, billing, taxes and accounting.
• Detect, prevent and investigate fraud, abuse, and security incidents.
• Provide customer support, training and service communications.
• Comply with legal obligations and enforce our terms, including safety and export control compliance.
• With consent or as permitted by law, send marketing messages; you can opt out anytime.

5. Legal Bases for Processing

Where the EU/UK GDPR applies, our legal bases include performance of contract, legitimate interests (e.g., service security and improvement), consent (e.g., non-essential cookies, certain marketing), and legal obligations. Where the California CCPA/CPRA applies, we honor consumer rights and opt-out mechanisms. For India's Digital Personal Data Protection Act (DPDP Act), we process data per applicable consent and other lawful bases once notified; pending final rules, we align our practices with published drafts and guidance.

6. AI & Automated Decision-Making Transparency

We may use AI/ML models to provide features such as content generation, summarization, recommendations, anomaly detection, and autonomy components for robotics.

We disclose where AI is used in user-facing features and provide controls to opt out where feasible. Critical decisions affecting legal or similar significant effects are not made solely by automated means without appropriate safeguards.

AI outputs can be inaccurate or inappropriate; you should evaluate outputs before relying on them, especially for safety-critical tasks.

7. Model Training & Data Use Options

By default, Customer Content (including AI prompts and robotics telemetry tied to your account) is not used to train our foundation models unless (a) you provide explicit consent in product settings or a signed addendum, or (b) we use de-identified or aggregated data that cannot reasonably be linked back to an individual or your organization. Enterprise customers may contractually prohibit training use.

8. Cookies & Similar Technologies

We use cookies/SDKs for functionality, analytics and, where applicable, advertising. Non-essential cookies are deployed only with consent where required by law. You can change preferences anytime via the "Cookie Settings" link in our footer. See our Cookie Notice for categories, providers, and retention.

9. How We Share Personal Data

• Service Providers/Sub-processors (hosting, analytics, support, payments, logistics) under data protection agreements.
• Affiliates for internal operations consistent with this Policy.
• Legal/Compliance to meet applicable law, safety requirements, lawful requests, or to enforce our agreements.
• Business Transfers in connection with a merger, acquisition, or asset sale.

10. International Transfers

We operate globally. Where required, we use appropriate safeguards for cross-border transfers (e.g., EU Standard Contractual Clauses, UK IDTA). Under India's DPDP Act, cross-border transfers are permitted unless restricted by government notification; we will update our mechanisms once final rules are notified.

11. Data Retention

We retain personal data for as long as necessary for the purposes described above, including to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Typical retention: account/billing for at least the contract term plus 7 years for tax; logs and telemetry 12–24 months (or as configured); support records 3 years; marketing preferences until you opt out.

12. Security

• Administrative, technical and physical safeguards proportionate to risk (e.g., role-based access controls, encryption in transit and at rest where applicable, network segmentation, vulnerability management, MFA for privileged access).
• Robotics-specific safety: authenticated OTA updates, signed firmware, tamper detection where supported.

13. Your Rights & Choices

• GDPR: access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making.
• CCPA/CPRA: know/access, correct, delete, portability, opt-out of sale/share, limit use of sensitive personal information, non-discrimination.
• India DPDP: access, correction, erasure, grievance redressal, consent withdrawal, and nomination of a representative (once in force).

To exercise rights or appeal a decision, email support@tungstentechnologies.io. We will verify your request and respond within applicable timelines.

14. Children's Privacy

Our Services are not directed to children under the age required by local law (13 in the U.S.; under 18 in India). Where children's data is processed (e.g., in education contexts), we require verifiable parental consent and appropriate safeguards.

15. Grievance Officer / DPO

For India, until otherwise notified, our Grievance Officer can be reached at support@tungstentechnologies.io. Where required, we will appoint a Data Protection Officer and publish contact details.

16. Changes to This Policy

We may update this Policy from time to time. Material changes will be notified via email or in-product notices. Continued use of the Services after the effective date means you accept the updated Policy.

17. Contact Us

Tungsten Technologies — Email: support@tungstentechnologies.io